This popular messaging app could open your phone to hackers

Viber, a messaging app with 175 million users and counting, has a flaw that could let hackers take over Android phones.

The fast-growing messaging app Viber, which has 175 million users—and claims to be adding 400,000 every day—has a flaw which allows hackers to crack Android phones.

Viber is an app which allows users to make free phone calls and send free texts from their phone. 50 to 100 million of the users are on Android, according to Google Play.

A security flaw in the app allows hackers to use the message popup to bypass Android’s lock screen and gain access to the device, according to the Bkav security company.

“The way Viber handles to popup its messages on smartphones’ lock screen is unusual,” said Nguyen Minh Duc, director of Bkav’s Security Division, “resulting in its failure to control programming logic, causing the flaw to appear.”

Bkav reported the flaw to the app’s makers but has yet to receive a response. They suggest keeping your smartphone close and installing any patch the makers may issue when it is available.

Smartphones with lock screens have seen vulnerabilities before, though most of those are, as The Hacker News put it, “fancy finger work” hacks. This one, though far from simple, seems like a more accessible hack, and therefore, more likely to be exploited on a large scale.

UPDATE: According to Viber spokesman Jonah Balfour, the company has moved quickly to fix the issue.

“As it turns out, Viber has issued a hot fix update that addresses this issue which is available on the Viber website at http://bit.ly/12npiZo. It will also be made available on Google Play in a few days once it passes more rigorous testing (Viber wants to make sure nothing was broken while fixing this issue).

“I can tell you that Viber takes this matter very seriously and has acted quickly to allay any concerns.”

Curt Hopkins has over two decades of experience as a journalist, editorial strategist, and social media manager. His work has been published by Ars Technica, Reuters, Los Angeles Times, and San Francisco Chronicle. He is the also founding director of the Committee to Protect Bloggers, the first organization devoted to global free speech rights for bloggers